Intersection of Projects [Illegal Activity As Security and Anonymity Metric]

Mon Jun 30 13:54:33 PDT 2014

In a long thread starting here:
https://lists.torproject.org/pipermail/tor-talk/2014-June/033406.html

On Mon, Jun 30, 2014 at 3:22 PM, Morgan Smith <tor-exit0@intersafeit.com> wrote:
> On 6/28/2014 10:01 AM, Mark McCarron wrote:
>> Anyway, we have a simple solution to this global view and hidden services.  We just implement a distributed hosting solution within the Tor system and end-to-end visibility is gone.
> I'm nowhere near done sifting through this thread however Freenet may
> may already provide this kind of functionality. In the spirit of
> software doing one only and doing it well then perhaps it is good to be
> handled by a separate project.

If I recall correctly, this subthread was about people getting
shuttered because their Apache etc was insecure, and that
somehow creating [paid] hosting services for them within
relatively general purpose nets like Tor was the solution. News:
those services are still open to the same exploits, and still use
the same HS mechanism that has potential whitepaper
exploits too. Further, he [or whoever OP'd the subthread] did
not define what they meant by "distributed' or "removing 'visibility'
of one end".

Stepping back from the above specific, and re: Freenet...
I think someone else mentioned or hinted at layering to
enhance things. Yes, interestingly you can in fact
layer some systems upon general anonymous transports,
especially if they offer IP transport. ie: Use Tor/I2P
with onioncat, cjdns, phantom... layer tahoe+lafs,
freenet, messaging, Bitcoin, torrent, etc on top. Gnunet,
MaidSafe and others I missed probably fit somewhere too.
Mash it up however you like. (Excepting where they did not
coordinate their collision spaces, such as in IPv6 addressing).
It tends to be complex, slow and fraught with timeouts,
but some combinations work ok.

At some point you must regularly sit back from your own
project or usage and take time to categorize all the systems
out there, what they are good and bad at, and then admit
to yourself (or as a user) whether layering is valid... or more
importantly, whether you should merge forces with other projects
to, up to and including, scrapping old and writing new projects
that provide both user utility and resistance against attacks
of interest. Or is your usage the best it can be? Can you in fact
create an all in one tool? Or can you create a well defined
intersection amongst projects / tools such that their layered sum
equals coverage against all attack classes, or the subset you're
interested in or subject to. And can you create a similar intersection
matrix for the services offered (web, messaging, storage) by such
networks. Can you coordinate research, structure and promote
projects in such a way as to cooperatively and formally provide a
complete set of resistance and services?